darkcomet | c16cd744f3cf8fa1d76bf16f6bec5baacb4114f7cec92b2c843aad8848344027 | Triage

Sharing

General

Target

0d2b4a88fb3d1db8e590ddb6d21a5b46_JaffaCakes118
Size

712KB
Sample

241003-a6k2nawalm
MD5

0d2b4a88fb3d1db8e590ddb6d21a5b46
SHA1

bf975637496cae9c9ae2214927fa79c2bce55fe2
SHA256

c16cd744f3cf8fa1d76bf16f6bec5baacb4114f7cec92b2c843aad8848344027
SHA512

9cb5904570aa20cd8ba26e2f5dba7068974a8998e437493ceb4a802b2d9fa04b3c9889666801674e42713a2fc4220c23a8b3aa6bb922aebb28e1ac27f0370ee9
SSDEEP

12288:OHLXDm9aA9/SYsPz2Io1OhK/F0z7g7b5d5yBRLDU+kuuHfKZBTcylenmCqh:Q69/SxiBA4F0zsf5jyDDUMySUmCqh

Score

10^/10

darkcomet guest16_min discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

127.0.0.1:4444

Mutex

DCMIN_MUTEX-FQV60ZZ

Attributes

gencode
cHPTvszRzUe5
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  0d2b4a88fb3d1db8e590ddb6d21a5b46_JaffaCakes118
- Size
  
  712KB
- MD5
  
  0d2b4a88fb3d1db8e590ddb6d21a5b46
- SHA1
  
  bf975637496cae9c9ae2214927fa79c2bce55fe2
- SHA256
  
  c16cd744f3cf8fa1d76bf16f6bec5baacb4114f7cec92b2c843aad8848344027
- SHA512
  
  9cb5904570aa20cd8ba26e2f5dba7068974a8998e437493ceb4a802b2d9fa04b3c9889666801674e42713a2fc4220c23a8b3aa6bb922aebb28e1ac27f0370ee9
- SSDEEP
  
  12288:OHLXDm9aA9/SYsPz2Io1OhK/F0z7g7b5d5yBRLDU+kuuHfKZBTcylenmCqh:Q69/SxiBA4F0zsf5jyDDUMySUmCqh
Score

10^/10

darkcomet guest16_min discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_mindiscoveryrattrojan

behavioral2

darkcometguest16_mindiscoveryrattrojan